System and method of containing computer worms
US8549638B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jun 13, 2005 |
| Grant date | Oct 1, 2013 |
| Priority date | — |
| Expiry date | Dec 26, 2029 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/56
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computer worm containment system comprises a detection system and a blocking system. The detection system orchestrates a sequence of network activities in a decoy computer network and monitors that network to identify anomalous behavior and determine whether the anomalous behavior is caused by a computer worm. The detection system can then determine an identifier of the computer worm based on the anomalous behavior. The detection system can also generate a recovery script for disabling the computer worm or repairing damage caused by the computer worm. The blocking system is configured to use the computer worm identifier to protect another computer network. The blocking system can also use the recovery script to disable a computer worm within the other network and to repair damage caused to the network by the worm.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.